nhsuk / nhsuk-service-manual-community-backlog

This is a place for digital teams in the NHS to work together and develop the NHS digital service manual.
https://service-manual.nhs.uk/community-and-contribution

NHS service standard: Respect and protect users’ confidentiality and privacy #343

Open nancyhalladay24 opened 3 years ago

nancyhalladay24 commented 3 years ago

Use this issue to discuss point 9 in the NHS service standard: Respect and protect users’ confidentiality and privacy. If you have any comments or experiences that relate to the guidance as a whole, please use the GitHub issue for the NHS service standard.

Parent

NHS service standard #336

georginaplatt commented 2 years ago

Feedback from Ben Whitfield-Heap @ FutureNHS

One thing that would be really helpful with the Service Standard is to show how each of the points map to either the service phases or the service assessments.

E.g. in point “9. Respect and protect users’ confidentiality and privacy” it says “carry out appropriate vulnerability and penetration testing”. It would be great, however, if it said things like:

During Discovery/Alpha • Ensure you have budget and thought about how you will undertake penetration testing of your service in beta

During Beta • Ensure you have undertaken penetration testing of your service before you move into public beta

During Live • It’s good practice to ensure you have an annual penetration test of your platform in order to keep it secure.

The different points carry different weightings throughout a service’s journey through the phases and into live. It would be great if this could be shown against each standard as it would really help with planning.